PT-2026-41028 · Unknown+2 · Openimageio+2

Biniamf

·

Published

2026-05-14

·

Updated

2026-06-16

·

CVE-2026-43909

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0
Description A signed 32-bit integer overflow occurs in the loop index expression i * 4 within the SwapRGBABytes() function when processing kABGR DPX images with large dimensions. This causes the function to compute a large negative pointer offset, resulting in an out-of-bounds read and write. This issue can be exploited by a remote attacker to cause a denial of service.
Recommendations Update to version 3.0.18.0. Update to version 3.1.13.0.

Exploit

Fix

Out of bounds Read

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07026
CVE-2026-43909
GHSA-G267-J53J-5258
USN-8438-1

Affected Products

Linuxmint
Openimageio
Ubuntu